Testing for Samba CVE-2015-0240 with UpGuard

Posted by UpGuard

Microsoft has announced a vulnerability in Samba, the widely used SMB/CIFS protocol for Windows/*nix interoperability. The vulnerability exists in versions 3.5.0 to 4.2.0rc4 and allows malicious clients to manipulate the host such that clients can execute code via a netlogon packet.

There are already patches available for each of the affected versions. For Samba 4.0 and above you can solve the problem simply by including a line to disable netlogon.

On Samba versions 4.0.0 and above, add the line:

rpc_server:netlogon=disabled

to the [global] section of your smb.conf.

To ensure that you are no longer vulnerable, we've added a check to our library of public policies. The check will give you a thumbs up/thumbs down on whether your nodes are patched and allow you to drill down into why they failed.

Testing for Samba CVE-2015-0240 with UpGuard

This node failed the test. We can click on the "check content" portion of the policy results to understand exactly what test was being run and why it failed. 

Testing for Samba CVE-2015-0240 with UpGuard

This node was supposed to have the netlogon=disabled solution but evidently the patch was not correctly applied. Having UpGuard there to check our work ensures that we are secure and have a record of the steps taken to ensure compliance. 

 

 

Top Windows 10 Vulnerabilities & How to Fix Them

More Blogs

The "Hacking" Of 000webhost—Or Why Free Should Never Be Synonymous With Unsecure

So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Read Blog >

Why We Made Our Vulnerability Assessment Free for Everyone

Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Read Blog >

Understanding Risk in the 21st Century

Even today, the risk of data breaches in particular threaten to hamper business innovation. So what is cyber risk, and what can be done about it?
Read Blog >

Topics: upguard, policies

UpGuard Customers